SolarWinds missed early security warnings

Lawmakers scrutinized SolarWinds' security practices, including its use of "solarwinds123" as a password, a lapse blamed on a former intern. 

By David Jones • March 1, 2021

SolarWinds execs warn of short-term impacts from cyberattack, as renewal rates slow

The company will incur up to $25 million in security-related expenses and declined to provide a full-year earnings outlook.

By David Jones • Feb. 26, 2021

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

A wave of rules, regulations and federal action is putting pressure on businesses to shore up security amid a backdrop of emboldened threat actors has a nice ring to it.

By Cybersecurity Dive staff

FireEye identifies 2 threat activity clusters behind Accellion hack

The security firm has labeled one activity cluster for exploiting the FTA vulnerabilities and the other for extortion.

By Samantha Schwartz • Feb. 23, 2021

Microsoft says it was not a SolarWinds attack vector, after completing internal probe

The company confirmed limited amounts of source code for Azure, Exchange and Intune were downloaded.

By David Jones • Feb. 19, 2021

Water system hack reveals thousands of organizations vulnerable to Window 7 exposure

Critical infrastructure providers and SMBs continue to operate the outdated Microsoft OS without security updates and patches.

By David Jones • Feb. 19, 2021

The next generation of email security

Now, with a single approval of an API, every line of cloud business communication can be secured.

Feb. 16, 2021

The downside of the remote work shift: 85% increase in Insider Risk

The Code42 2021 Data Exposure Report reveals a perfect storm for Insider Risk.

Feb. 16, 2021

Organizations running SolarWinds Orion online drops 25% since December: report

A report by RiskRecon shows only 8% of entities operating on the internet actually upgraded to later versions based on SolarWinds security recommendations.

By David Jones • Feb. 12, 2021

White House taps Neuberger to lead SolarWinds government response

The SolarWinds attack has opened a deeper conversation about the role of the federal government in coordinating cybersecurity policy and sharing intelligence with the private sector.

By David Jones • Feb. 11, 2021

Security flaws enabled Florida city water utility hack

Authorities found poor security hygiene — weak passwords and an outdated operating system — played a role in the hack.

By Samantha Schwartz • Updated Feb. 12, 2021

SolarWinds security to-do list post hack

One of the first changes security teams need to make is in how they consider adversaries' capabilities: Always assume the perimeter has been breached.

By Samantha Schwartz • Feb. 5, 2021

SolarWinds fallout could last for years, as power industry secures vulnerable equipment: Dragos CEO

The energy sector is experiencing a "digital transformation with a threat convergence," the CEO of security company Dragos told the U.S. Department of Energy.

By Robert Walton • Feb. 5, 2021

Mimecast to cut 4% of workforce in restructuring as breach probe continues

More than half of Mimecast's business stems from protecting Office 365, which has become a significant target for cyberattacks, Mimecast CEO Peter Bauer said.

By David Jones • Feb. 4, 2021

FireEye reports record revenue in first report since Red Team hack

The company's discovery of the SolarWinds attack has fueled additional customer demand, which should be reflected in deferred revenue during 2021.

By David Jones • Feb. 3, 2021

Supply chain attacks could open up vendor competition, Moody's says

The continued proliferation of ransomware attacks could lead cyber insurers to reexamine coverage terms. 

By David Jones • Feb. 2, 2021

Actors behind Ryuk testing different operations, challenging attribution

Ransomware's most prominent threat groups are forcing companies to make the malware a permanent part of their threat models. 

By Samantha Schwartz • Jan. 26, 2021

Biden to nominate Obama DHS alum as CISA director: report

Rob Silvers is reportedly stepping into the role left vacant by Chris Krebs after his termination.

By Samantha Schwartz • Jan. 25, 2021

Cyber defense panel sees more private sector coordination following SolarWinds

Defense and intelligence experts say federal agencies need to strengthen private sector support, intelligence sharing to prevent the next big nation-state attack. 

By David Jones • Jan. 20, 2021

Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says

Microsoft notified the cybersecurity firm of a compromise involving Office 365 and Azure consistent with prior nation-state attacks.

By David Jones • Jan. 20, 2021

Symantec spots 4th malware related to SolarWinds hack

Raindrop took on the role of the memory-only dropper Teardrop for organizations of greater interest to the hackers.

By Samantha Schwartz • Jan. 19, 2021

Mimecast attributes supply chain attack to SolarWinds' hackers

The global email security provider was hit by a malicious attack that compromised a certificate used to authenticate some Microsoft 365 products. 

By David Jones • Updated Jan. 26, 2021

Hackers accessed cloud services using phishing, 'pass-the-cookie' attacks, CISA says

In one case, the agency found threat actors accessed a user's account "with proper multi-factor authentication," circumventing the favored security method. 

By Samantha Schwartz • Jan. 14, 2021

SolarWinds initially hacked in September 2019, 3rd malware found

In a new timeline, SolarWinds said hackers likely began testing the malicious code months before the backdoor was deployed.

By Samantha Schwartz • Jan. 12, 2021

Attackers used password spraying, guessing in SolarWinds hack

As experts investigate the damage, the latest CISA update points to a constant in cybersecurity: weak passwords.

By Samantha Schwartz • Jan. 11, 2021

Chris Krebs, Alex Stamos join SolarWinds for hack cleanup

SolarWinds has tapped two high-profile and outspoken security experts to guide its efforts to evolve into a more secure software development company.

By Samantha Schwartz • Jan. 8, 2021